package com.beerbear.springbootsecurity.config;

import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

/**
 * @Author: Beer Bear
 * @Description: 自定义Security的配置，重写WebSecurityConfigurerAdapter中的方法即可
 * @Date: 2021/9/13 9:16
 */
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())
            .withUser("admin").password(new BCryptPasswordEncoder().encode("admin")).roles("ADMIN")
            .and()
            .withUser("terry").password(new BCryptPasswordEncoder().encode("terry")).roles("USER")
            .and()
            .withUser("larry").password(new BCryptPasswordEncoder().encode("larry")).roles("USER");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // 关闭csrf防御功能
        http.authorizeRequests().anyRequest().authenticated().and().httpBasic().and().csrf().disable();

        //
    }


}
